SPF Record: ISP SMTP Server

October 15th, 2009

Spam. It’s the bane of the Internet. Most of us get it. At work we get tons. Most (like about 90-95%) of the email we receive is spam. Some of it was getting through the filters too, which is even more annoying. For this reason, I’ve been doing quite a bit of fine-tuning of our spam filtering software, GFI MailEssentials. DNS blacklists have turned out to be the most effective; most of our spam doesn’t even get as far as the Junk box now.

Another thing I looked into was SPF records. I posted about SPF records a while back, but I thought I’d post again to give a few tips on the problems I encountered.

If you use a smarthost with your Exchange server, then the server that is actually sending the emails is that of your ISP. This means that you have to put the address of your ISP’s server in your SPF record. No big deal, right? Wrong.

You can enter the domain name of the ISP’s server, but if they don’t have an SPF record (which they probably won’t), then yours will fail too.

It’s easy enough to find out the IP address of your ISP’s mail server (although they probably have more than one), but, and it’s a very big but, what if they change the IP address of their server without telling you? All of a sudden all your outgoing emails would start failing SPF and possibly being marked as spam!

There is a way round it, however: using a reverse DNS lookup. As long as the reverse DNS of your ISP’s mail server is set up correctly (if it isn’t, ask them to fix it), you can enter this into your SPF. Just put this in your SPF record:


Windows Exchange: Spam & SPF records

October 5th, 2009

Just thought I’d do a quick post on one of two things I’ve just been looking at for Windows Exchange 2003: SPF records.

Sender Policy Framework (SPF) is basically an email validation system used to prevent spam. If you own a domain, you create an SPF record in your DNS records detailing which machines are allowed to send mail as your domain (i.e. your Exchange server and possibly your ISP’s too). Then, when an email server receives an email, it can check the DNS records of the domain and see if the computer that sent the email is really allowed to send email as that domain. If it’s not, then the email will be marked as spam. It will help cut down the amount of spam you get that’s addressed from yourself!

If you need help creating an SPF record, check out this excellent SPF wizard.

I’ve also just been looking at Windows Exchange Server 2003 possibly being an open relay. Will do a post on that soon.

